An anonymous reader quotes a report from Wired: Professional cycling has, in its recent history, been prone to a shocking variety of cheating methods and dirty tricks.Performance-enhancing drugs.Tacks strewn on race courses. Even stealthy motors hidden inside of wheel hubs. Now, for those who fail to download a software patch for their gear shifters -- yes, bike components now get software updates -- there may be hacker saboteurs to contend with, too. At the Usenix Workshop on Offensive Technologies earlier this week, researchers from UC San Diego and Northeastern University revealed a technique that would allow anyone with a few hundred dollars of hardware to hack Shimano wireless gear-shifting systems (Warning: source may be paywalled; alternative source) of the kind used by many of the top cycling teams in the world, including in recent events like the Olympics and the Tour de France. Their relatively simple radio attack would allow cheaters or vandals to spoof signals from as far as 30 feet away that trigger a target bike to unexpectedly shift gears or to jam its shifters and lock the bike into the wrong gear.

The trick would, the researchers say, easily be enough to hamper a rival on a climb or, if timed to certain intense moments of a race, even cause dangerous instability. "The capability is full control of the gears. Imagine you're going uphill on a Tour de France stage: If someone shifts your bike from an easy gear to a hard one, you're going to lose time," says Earlence Fernandes, an assistant professor at UCSD's Computer Science and Engineering department. "Or if someone is sprinting in the big chain ring and you move it to the small one, you can totally crash a person's bike like that." [...] The researchers' technique exploits the increasingly electronic nature of modern high-end bicycles, which now have digital components like power meters, wireless control of fork suspensions, and wireless shifters. "Modern bicycles are cyber-physical systems," the researchers note in their Usenix paper. Almost all professional cyclists now use electronic shifters, which respond to digital signals from shifter controls on the bike's handlebars to move a bicycle's chain from gear to gear, generally more reliably than mechanical shifting systems. In recent years, those wired electronic shifters have transitioned again to wireless versions that pair via a radio connection, such as the popular Di2 wireless shifters sold by the Japanese cycling component firm Shimano, which the researchers focused on. Shimano says it has developed a firmware update to patch the exploit but it won't be available widely until late August. The update is intended to improve wireless transmission across Shimano Di2 component platforms, though specific details about the fix and how it prevents the identified attacks have not been disclosed for security reasons.

Google's master software for some Android phones includes a hidden feature that is insecure and could be activated to allow remote control or spying on users, according to a security company that found it inside phones at a U.S. intelligence contractor. From a report: The feature appears intended to give employees at stores selling Pixel phones and other models deep access to the devices so they can demonstrate how they work, according to researchers at iVerify who shared their findings with The Washington Post. The discovery and Google's lack of explanation alarmed the intelligence contractor, data analysis platform vendor Palantir Technologies, to the extent that it has stopped issuing Android phones to employees, Palantir told The Post.

"Mobile security is a very real concern for us, given where we're operating and who we're serving," Palantir Chief Information Security Officer Dane Stuckey said. "This was very deleterious of trust, to have third-party, unvetted insecure software on it. We have no idea how it got there, so we made the decision to effectively ban Androids internally." The security company said it contacted Google about its findings more than 90 days ago and that the tech giant has not indicated whether it would remove or fix the application. On Wednesday night, Google told The Post that it would issue an update to remove the application. "Out of an abundance of precaution, we will be removing this from all supported in-market Pixel devices with an upcoming Pixel software update," said company spokesperson Ed Fernandez. He said distributors of other Android phones would also be notified.

Apple will begin letting third parties use the iPhone's payment chip to handle transactions, a move that allows banks and other services to compete with the Apple Pay platform. From a report: The move, announced Wednesday, follows years of pressure from regulators, including those in the European Union. Apple said it will allow developers to use the component starting in iOS 18.1, an upcoming software update for the iPhone. The payment chip relies on a technology called NFC, or near-field communication, to share information when the phone is near another device.

The change will allow outside providers to use the NFC chip for in-store payments, transit system fares, work badges, home and hotel keys, and reward cards. Support for government identification cards will come later, the company said. Users will also be able to set a third-party payment app as their default system, replacing Apple Pay. Apple had been reluctant to open up the chip to developers, citing security concerns. The change also threatens the revenue it generates from Apple Pay transactions. The company takes a cut of all payments made via the iPhone.

A recent study reveals that 94% of spreadsheets used in business decision-making contain errors, highlighting significant risks of financial and operational mistakes. Phys.org reports: Errors in spreadsheets can lead to poor decisions, resulting in financial losses, pricing mistakes, and operational problems in fields like health care and nuclear operations. "These mistakes can cause major issues in various sectors," adds Prof. Pak-Lok Poon, the lead author of the study. Spreadsheets are crucial tools in many fields, such as linear programming and neuroscience. However, with more people creating their own spreadsheets without formal training, the number of faulty spreadsheets has increased. "Many end-users lack proper software development training, leading to more errors," explains Prof. Poon.

The research team reviewed studies from the past 35.5 years for journal articles and 10.5 years for conference papers, focusing on spreadsheet quality and related techniques across different fields. The study found that most research focuses on testing and fixing spreadsheets after they are created, rather than on early development stages like planning and design. This approach can be more costly and risky. Prof. Poon emphasizes the need for more focus on the early stages of spreadsheet development to prevent errors. The study suggests that adopting a life cycle approach to spreadsheet quality can help reduce errors. Addressing quality from the beginning can help businesses lower risks and improve the reliability of their decision-making tools. The study has been published in the journal Frontiers of Computer Science.

An anonymous reader quotes a report from Ars Technica: Over the past few days, a software package called Deep-Live-Cam has been going viral on social media because it can take the face of a person extracted from a single photo and apply it to a live webcam video source while following pose, lighting, and expressions performed by the person on the webcam. While the results aren't perfect, the software shows how quickly the tech is developing -- and how the capability to deceive others remotely is getting dramatically easier over time. The Deep-Live-Cam software project has been in the works since late last year, but example videos that show a person imitating Elon Musk and Republican Vice Presidential candidate J.D. Vance (among others) in real time have been making the rounds online. The avalanche of attention briefly made the open source project leap to No. 1 on GitHub's trending repositories list (it's currently at No. 4 as of this writing), where it is available for download for free. [...]

Like many open source GitHub projects, Deep-Live-Cam wraps together several existing software packages under a new interface (and is itself a fork of an earlier project called "roop"). It first detects faces in both the source and target images (such as a frame of live video). It then uses a pre-trained AI model called "inswapper" to perform the actual face swap and another model called GFPGAN to improve the quality of the swapped faces by enhancing details and correcting artifacts that occur during the face-swapping process. The inswapper model, developed by a project called InsightFace, can guess what a person (in a provided photo) might look like using different expressions and from different angles because it was trained on a vast dataset containing millions of facial images of thousands of individuals captured from various angles, under different lighting conditions, and with diverse expressions.

During training, the neural network underlying the inswapper model developed an "understanding" of facial structures and their dynamics under various conditions, including learning the ability to infer the three-dimensional structure of a face from a two-dimensional image. It also became capable of separating identity-specific features, which remain constant across different images of the same person, from pose-specific features that change with angle and expression. This separation allows the model to generate new face images that combine the identity of one face with the pose, expression, and lighting of another.

An anonymous reader quotes a report from Ars Technica: A patent lawsuit filed by one of 3D printing's most established firms against a consumer-focused upstart could have a big impact on the wider 3D-printing scene. In two complaints, (1, 2, PDF) filed in the Eastern District of Texas, Marshall Division, against six entities related to Bambu Lab, Stratasys alleges that Bambu Lab infringed upon 10 patents that it owns, some through subsidiaries like Makerbot (acquired in 2013). Among the patents cited are US9421713B2, "Additive manufacturing method for printing three-dimensional parts with purge towers," and US9592660B2, "Heated build platform and system for three-dimensional printing methods."

There are not many, if any, 3D printers sold to consumers that do not have a heated bed, which prevents the first layers of a model from cooling during printing and potentially shrinking and warping the model. "Purge towers" (or "prime towers" in Bambu's parlance) allow for multicolor printing by providing a place for the filament remaining in a nozzle to be extracted and prevent bleed-over between colors. Stratasys' infringement claims also target some fundamental technologies around force detection and fused deposition modeling (FDM) that, like purge towers, are used by other 3D-printer makers that target entry-level and intermediate 3D-printing enthusiasts.

With its hardware event on Tuesday, Alphabet's Google is trying to outshine Apple's annual iPhone launch -- and is letting longtime executive Rick Osterloh take center stage. Bloomberg: Osterloh, the former president of Motorola who joined Google in 2016, will helm the first major product launch after the company this year unified under his leadership the teams developing hardware and the Android operating system. The reorganization expanded Osterloh's influence in the company and signaled that Google intends to compete in hardware for the long term.

In a sign of a more aggressive push into consumer devices, Google moved up its annual flagship Pixel smartphone launch to August from October, preempting the next Apple. iPhone debut and seizing attention during a typically quiet period for the industry. [...] By holding its hardware showcase a month ahead of the iPhone maker's largest annual event, Google is "frontrunning Apple and also making a statement that we are likely way ahead of what Apple will show for iPhone 16 at least," said Mandeep Singh, an analyst with Bloomberg Intelligence.

Google has at least a six-month head start on Apple, which has invested less in AI over the years than some of its Big Tech peers, he added. Google's strategy -- tying together the development of hardware, software and services -- carries echoes of Apple's successful approach to designing devices. Yet, as Osterloh seeks to capitalize on the opportunity presented by AI, he faces a perennial challenge for Google: bringing the fight to Apple without threatening key relationships with hardware giants such as Xiaomi that rely on the Android operating system.

An anonymous reader shares a report: Microsoft Paint isn't one of Windows' best photo editing apps, but in the recent past, the software giant introduced some exciting features, such as layer support, to make the app more viable for Windows users. While Microsoft was pouring the Paint app with new features, the Paint 3D app was dying a slow death. The app will finally be delisted from the Microsoft Store in November this year.

A company called ChargerHelp provides certified technicians to service EV charging stations (for a monthly fee). And they've just issued their annual "reliability report," reports CleanTechnica: Its analysis of more than 19 million data points collected from public and private sources in 2023 — including real-time assessments of 4,800 chargers from ChargerHelp technicians in the field — finds that â"software consistently overestimates station uptime, point-in-time status, and the ability to successfully charge a vehicle...."

[W]hen ChargerHelp technicians personally inspected 4,800 charge points, they found more than 10% were reported to be online but were in fact unable to complete a test charge... These findings by ChargerHelp are backed up by many smaller scale studies and surveys over the past several years that have found that claims of 95% uptime or greater do not match real world experience. A 2022 study of 657 chargers at 181 non-Tesla public charging sites in the San Francisco Bay Area determined that only 73% were capable of delivering a charge for more than two minutes, for example.

[I]mprovements have been slow to materialize. In fact, driver satisfaction with public charging has only worsened over the past year, according to the latest J.D. Power Electric Vehicle Experience Ownership Study, released in February. As the variety, price, and range of EVs available to US drivers have become more attractive, mistrust of public charging now constitutes the most significant headwind for EV adoption, J.D. Power says.
The report also "lists the biggest infrastructure pain points," reports the Verge, "including a failure to report broken stalls, inaccurate station status messages, aging equipment, and some habitually unreliable network providers (who go unnamed in the study, unfortunately)." EV chargers can break in many ways, the study concludes. These include broken retractor systems intended to protect the cable from getting mangled by vehicle tires, broken screens, and inoperable payment systems. There is also general damage to the cabinet and, of course, broken cables and connectors.

Across the chargers recorded, ChargerHelp calculates that actual uptime is only 73.7 percent, compared to the 84.6 percent self-reported by the EV network providers.

"Algorithmic price-fixing appears to be spreading to more and more industries," warns the Atlantic. "And existing laws may not be equipped to stop it."

They start with RealPage's rental-property software (pointing out that "a series of lawsuits says it's something else: an AI-enabled price-fixing conspiracy" and "The lawsuits also argue that RealPage pressures landlords to comply with its pricing suggestions.") But the most important point is that RealPage isn't the only company doing this: Its main competitor, Yardi, is involved in a similar lawsuit. One of RealPage's subsidiaries, a service called Rainmaker, faces multiple legal challenges for allegedly facilitating price-fixing in the hotel industry. (Yardi and Rainmaker deny wrongdoing.) Similar complaints have been brought against companies in industries as varied as health insurance, tire manufacturing, and meat processing. But winning these cases is proving difficult.
The article notes that "Agreeing to fix prices is punishable with up to 10 years in prison and a $100 million fine." But it also notes concerns that algorithms could produce price-fixing-like behavior that's "almost impossible to prosecute under existing antitrust laws. Price-fixing, in other words, has entered the algorithmic age, but the laws designed to prevent it have not kept up." Last week, San Francisco passed a first-of-its-kind ordinance banning "both the sale and use of software which combines non-public competitor data to set, recommend or advise on rents and occupancy levels."

Whether other jurisdictions follow suit remains to be seen.

In the meantime, more and more companies are figuring out ways to use algorithms to set prices. If these really do enable de facto price-fixing, and manage to escape legal scrutiny, the result could be a kind of pricing dystopia in which competition to create better products and lower prices would be replaced by coordination to keep prices high and profits flowing. That would mean permanently higher costs for consumers — like an inflation nightmare that never ends.

An anonymous reader shared this report from CNN: More than a year after Hyundai and Kia released new anti-theft software updates, thefts of vehicles with the new software are falling — even as thefts overall remain astoundingly high, according to a new analysis of insurance claim data. The automakers released the updates starting last February, after a tenfold increase in thefts of certain Hyundai and Kia models in just the past three years — sparked by a series of social media posts that showed people how to steal the vehicles. "Whole vehicle" theft claims — insurance claims for the loss of the entire vehicle — are 64% lower among the Hyundai and Kia cars that have had the software upgrade, compared to cars of the same make, model and year without the upgrade, according to the Highway Loss Data Institute. "The companies' solution is extremely effective," Matt Moore, senior vice president of HLDI, an industry group backed by auto insurers, said in a statement...

Between early 2020 and the first half of 2023, thefts of Hyundai and Kia models rose more than 1,000%.
The article points out that HDLI's analysis covered 2023, and "By the end of that year, only about 30% of vehicles eligible for the security software had it installed. By now, around 61% of eligible Hyundai vehicles have the software upgrade, a Hyundai spokesperson said."

The car companies told CNN that more than 2 million Hyundai and Kia vehicles have gotten the update (part of a $200 million class action settlement reached in May of 2023).

Google's loss in an antitrust trial is just the beginning. According to Yahoo Finance's senior legal reporter, Google now also has to defend itself "against another perilous antitrust challenge that could inflict more damage." Starting in September, the tech giant will square off against federal prosecutors and a group of states claiming that Google abused its dominance of search advertising technology that is used to sell, buy, and broker advertising space online... Juggling simultaneous defenses "will definitely create a strain on its resources, productivity, and most importantly, attention at the most senior levels," said David Olson, associate professor at Boston College Law School.... The two cases targeting Google have the potential to inflict major damage to an empire amassed over the last two decades.

The second case that begins next month began with a lawsuit filed in the US District Court for the Eastern District of Virginia by the Justice Department and eight states in December 2020... Prosecutors allege that since at least 2015 Google has thwarted meaningful competition and deterred innovation through its ownership of the entities and software that power the online advertising technology market. Google owns most of the technology to buy, sell, and serve advertisements online... Google's share of the US and global advertising markets — when measured either by revenue or impressions — exceeded 90% for "many years," according to the complaint.

The government prosecutors accused Google of siphoning off $0.35 of each advertising dollar that flowed through its ad tech tools.
Thanks to Slashdot reader ZipNada for sharing the article.

There's a rot at the heart of modern software development that's destroying innovation, and infosec legend Moxie Marlinspike believes he knows exactly what's to blame: Agile development. Marlinspike argued that Agile methodologies, widely adopted over the past two decades, have confined developers to "black box abstraction layers" that limit creativity and understanding of underlying systems.

"We spent the past 20 years onboarding people into software by putting them into black box abstraction layers, and then putting them into organizations composed of black box abstraction layers," Marlinspike said. He contended this approach has left many software engineers unable to do more than derivative work, lacking the deep understanding necessary for groundbreaking developments. Thistle Technologies CEO Window Snyder echoed these concerns, noting that many programmers now lack knowledge of low-level languages and machine code interactions. Marlinspike posited that security researchers, who routinely probe beneath surface-level abstractions, are better positioned to drive innovation in software development.

Signal developer Moxie Marlinspike criticized early encryption software's user-unfriendly design at Black Hat 2024, admitting he and others initially failed to consider non-technical users' needs. Speaking with Black Hat founder Jeff Moss, Marlinspike said developers of tools like Pretty Good Privacy (PGP) wrongly assumed users would adopt complex practices like running keyservers and signing keys over dinner. "We were just wrong," Marlinspike said, describing this as "software snobbery" that undermined wider adoption. "You take on the complexity instead of making the user deal with it," Marlinspike contrasted PGP's arcane interface with Signal's more accessible design.

"Sonos is delaying two hardware releases originally planned for later this year as it deploys an all-hands-on-deck approach to fixing the app," writes The Verge's Chris Welch. The company released a redesigned mobile app on May 7th that has been riddled with flaws and missing features. Sonos also entered the crowded headphone market in May with the launch of its Ace headphones, but it was immediately "overshadowed" by problems with the new Sonos app, according to Sonos CEO Patrick Spence. The Verge reports: "I will not rest until we're in a position where we've addressed the issues and have customers raving about Sonos again," Spence said during the afternoon earnings call. "We believe our focus needs to be addressing the app ahead of everything else," he continued."This means delaying the two major new product releases we had planned for Q4 until our app experience meets the level of quality that we, our customers, and our partners expect from Sonos." One of those two products is almost certainly Sonos' next flagship soundbar, codenamed Lasso, which I revealed last month. "These products were ready to ship in Q4," Spence said in response to a question on the call.

He also went in-depth on the app issues and how Sonos plans to fix them. Spence remains adamant that overhauling the app and its underlying infrastructure "was the right thing to do" for the company's future; the new app "has a modular developer platform based on modern programming languages that will allow us to drive more innovation faster," he said. But Spence also now acknowledges that the project was rushed. "With the app, my push for speed backfired," he said. "As we rolled out the new software to more and more users, it became evident that there were stubborn bugs we had not discovered in our testing. As a result, far too many of our customers are having an experience that is worse than what they previously had." [...]

For now, Sonos is turning to some longtime experts for help. "I've asked Nick Millington, the original software architect of the Sonos experience, to do whatever it takes to address the issues with our new app," Spence said. Sonos board member Tom Conrad is helping to oversee the app improvement effort and "ensure" things stay on the right track.

Palantir Chief Technology Officer Shyam Sankar has called for faster defense spending, arguing the Pentagon should focus on rapid deployment over higher budgets. "The biggest challenge is speed," Sankar told Axios in an interview. "The Department of Defense would be better off spending half as much money twice as quickly."

The U.S. military has "lost our ability to value time," he said. The Denver-based software company, known for its work in areas ranging from vaccine logistics to Ukraine demining efforts, has positioned itself as a "software prime" in the defense sector.

Ryan Christoffel writes via 9to5Mac: Since the Mac doesn't have the same locked-down app distribution system of iOS and iPadOS, Apple has created other tools meant to protect users. Some of those tools include app signing and notarization. Essentially, these provide a way for Apple to perform a level of vetting for macOS apps, even ones that don't hit the Mac App Store. The intent is to ultimately prevent harmful software from being inadvertently opened by Mac users. Trying to open an app that isn't correctly signed or notarized results in some scary warnings. But until now, power users could bypass those warnings -- and Apple's overall security process -- using a Control-click shortcut. But that shortcut is going away in macOS Sequoia.

According to a new post on the Apple Developer site: "In macOS Sequoia, users will no longer be able to Control-click to override Gatekeeper when opening software that isn't signed correctly or notarized. They'll need to visit System Settings > Privacy & Security to review security information for software before allowing it to run." The post then urges developers to make sure their software is properly signed so users won't need to jump through these hoops.

Zack Whittaker reports via TechCrunch: A cyberattack on Mobile Guardian, a U.K.-based provider of educational device management software, has sparked outages at schools across the world and has left thousands of students unable to access their files. Mobile Guardian acknowledged the cyberattack in a statement on its website, saying it identified "unauthorized access to the iOS and ChromeOS devices enrolled to the Mobile Guardian platform." The company said the cyberattack "affected users globally," including in North America, Europe and Singapore, and that the incident resulted in an unspecified portion of its userbase having their devices unenrolled from the platform and "wiped remotely." "Users are not currently able to log in to the Mobile Guardian Platform and students will experience restricted access on their devices," the company said.

Mobile device management (MDM) software allows businesses and schools to remotely monitor and manage entire fleets of devices used by employees or students. Singapore's Ministry of Education, touted as a significant customer of Mobile Guardian on the company's website since 2020, said in a statement overnight that thousands of its students had devices remotely wiped during the cyberattack. "Based on preliminary checks, about 13,000 students in Singapore from 26 secondary schools had their devices wiped remotely by the perpetrator," the Singaporean education ministry said in a statement. The ministry said it was removing the Mobile Guardian software from its fleet of student devices, including affected iPads and Chromebooks.

An anonymous reader quotes a report from The Register: Before WordPerfect, the most popular work processor was WordStar. Now, the last ever DOS version has been bundled and set free by one of its biggest fans. WordStar 7.0d was the last-ever DOS release of the classic word processor, and it still has admirers today. A notable enthusiast is Canadian SF writer Robert J Sawyer, who wrote the book that became the TV series Flashforward.

Thanks to his efforts you can now try out this pinnacle of pre-Windows PC programs for professional prose-smiths. Sawyer has taken the final release, packaged it up along with some useful tools -- including DOS emulators for modern Windows -- and shared the result. Now you, too, can revel in the sheer unbridled power of this powerful app. The download is 680MB, but as well as the app itself, full documentation, and some tools to help translate WordStar documents to more modern formats, it also includes copies of two FOSS tools that will let you run this MS-DOS application on modern Windows: DOSbox-X and vDosPlus. "The program has been a big part of my career -- not only did I write all 25 of my novels and almost all of my short stories with it (a few date back to the typewriter era), I also in my earlier freelance days wrote hundreds of newspaper and magazine articles with WordStar," says Sawyer.

An anonymous reader quotes a report from Ars Technica: Unlike Tesla, which hopes to develop its own bipedal 'bot to work on its production line sometime next year, BMW has brought in a robot from Figure AI. The Figure 02 robot has hands with sixteen degrees of freedom and human-equivalent strength. "We are excited to unveil Figure 02, our second-generation humanoid robot, which recently completed successful testing at the BMW Group Plant Spartanburg. Figure 02 has significant technical advancements, which enable the robot to perform a wide range of complex tasks fully autonomously," said Brett Adcock, founder and CEO of Figure AI.

BMW wanted to test how to integrate a humanoid robot into its production process -- how to have the robot communicate with the production line software and human workers and determine what requirements would be necessary to add robots to the mix. The Figure robot was given the job of inserting sheet metal parts into fixtures as part of the process of making a chassis. BMW says this required particular dexterity and that it's an ergonomically awkward and tiring task for humans.

Now that the trial is over, Figure's robot is no longer working at Spartanburg, and BMW says it has "no definite timetable established" to add humanoid robots to its production lines. "The developments in the field of robotics are very promising. With an early-test operation, we are now determining possible applications for humanoid robots in production. We want to accompany this technology from development to industrialization," said Milan Nedeljkovi, BMW's board member responsible for production. BMW Group published a video of the Figure 02 robot on YouTube.